/**
* Creates a ROle object.
*
* @param roleName rolename
* @param privileges set of privileges
* @throws SMException
*/
public void createRole(String roleName, Set<String> privileges) throws SMException {
PrivilegeUtility privilegeUtility = new PrivilegeUtility();
Role role = null;
try {
role = privilegeUtility.getRole(roleName);
} catch (Exception e) {
role = new Role();
role.setName(roleName);
role.setDesc("Dynamically created role");
role.setApplication(
privilegeUtility.getApplication(
SecurityManagerPropertiesLocator.getInstance().getApplicationCtxName()));
Set<Privilege> privilegeList = new HashSet<Privilege>();
try {
for (String privilegeId : privileges) {
Privilege privilege =
privilegeUtility.getUserProvisioningManager().getPrivilegeById(privilegeId);
privilegeList.add(privilege);
}
role.setPrivileges(privilegeList);
UserProvisioningManager userProvisioningManager =
privilegeUtility.getUserProvisioningManager();
userProvisioningManager.createRole(role);
} catch (CSObjectNotFoundException e1) {
Utility.getInstance().throwSMException(e1, e1.getMessage(), "sm.operation.error");
} catch (CSTransactionException e2) {
Utility.getInstance().throwSMException(e2, e2.getMessage(), "sm.operation.error");
}
}
}
/**
* This is a temporary method written for StorageContainer - special case Used for
* StorageContainerBizLogic.isDeAssignable() method.
*
* @param roleId roleid
* @param objectId obj id
* @param privilegeName name of the priv
* @return boolean whether has privilege
* @throws SMException
*/
public boolean hasGroupPrivilege(String roleId, String objectId, String privilegeName)
throws SMException {
boolean hasPriv = true;
PrivilegeUtility utility = new PrivilegeUtility();
String groupId = utility.getGroupIdForRole(roleId);
Set<User> users;
try {
users = utility.getUserProvisioningManager().getUsers(groupId);
for (User user : users) {
if (!getPrivilegeCache(user.getLoginName()).hasPrivilege(objectId, privilegeName)) {
hasPriv = false;
}
}
} catch (CSObjectNotFoundException e) {
Utility.getInstance().throwSMException(e, e.getMessage(), "sm.operation.error");
}
return hasPriv;
}
/**
* This Utility method is called dynamically as soon as a Site or CollectionProtocol object gets
* created through the UI & adds detials regarding that object to the PrivilegeCaches of
* appropriate users in Session.
*
* @param objectId id
* @throws SMException e
*/
private void addObjectToPrivilegeCaches(String objectId) throws SMException {
try {
Collection<PrivilegeCache> listOfPrivCaches = getPrivilegeCaches();
ProtectionElement protectionElement =
privilegeUtility.getUserProvisioningManager().getProtectionElement(objectId);
Collection<ProtectionElement> protElements = new ArrayList<ProtectionElement>();
protElements.add(protectionElement);
for (PrivilegeCache privilegeCache : listOfPrivCaches) {
Collection<ObjectPrivilegeMap> objPrivMapCol =
privilegeUtility
.getUserProvisioningManager()
.getPrivilegeMap(privilegeCache.getLoginName(), protElements);
if (!objPrivMapCol.isEmpty()) {
privilegeCache.addObject(objectId, objPrivMapCol.iterator().next().getPrivileges());
}
}
} catch (CSObjectNotFoundException e) {
Utility.getInstance().throwSMException(e, e.getMessage(), "sm.operation.error");
} catch (CSException e) {
Utility.getInstance().throwSMException(e, e.getMessage(), "sm.operation.error");
}
}
